Downloading new apps to your computer is usually a pretty straightforward process, but now you need to be extra careful when doing it as hackers have started Impersonate popular apps to spread malware.
according to new blog post (Opens in a new tab) From a cyber security company SybilHackers have begun using phishing pages designed to impersonate a number of popular online applications. While a user may think they are downloading a widely used application, they are actually installing malware on their computers.
On January 16, the company’s researchers discovered a phishing site impersonating a celebrity chat application. The next day, the same phishing site was transformed to mimic the TeamViewer remote desktop tool site. This shows that the hackers behind the campaign are actively altering and customizing their phishing sites to target a number of popular applications.
Once a user clicks the download button on these phishing websites, malware named “messenger.exe” and “teamviewer.exe” gets downloaded onto their computer. However, the hackers behind this campaign are using a clever trick to bypass The best antivirus software: They fill these downloads with extra zeros to increase the size of their files. This helps malicious executables bypass security checks, as they can be difficult for antivirus software to detect.
Aurora malware
In this case, the malware being distributed is Aurora infostealer which, as the name suggests, can collect all kinds of sensitive data from browsers, browser extensions, and Crypto wallets and user directories on an infected device. Surprisingly, malware can also extract data from cable If the user has installed the desktop application.
Once all this sensitive information — including passwords — has been collected by Aurora, it’s saved in JSON format, compressed with GZIP, and converted to a Base64 encoding format before being sent to a command and control (C&C) server controlled by the hackers behind this campaign.
With a user’s cookies, browsing history, login data, and web data in hand, an attacker could commit fraud, Draining user’s bank accounts or even commitment Identity theft. Although the consequences of downloading a fake app that actually contains malware may not be apparent immediately, this can actually make things worse because infected people may continue with business as normal. All the while, hackers will continue to collect sensitive and personal data from infected computers.
How to stay safe from malware hiding in app downloads
Unsuspecting users tend to access these phishing sites by clicking Fake ads which began to appear frequently in search engines. As such, installing a The best ad blockers It can prevent you from seeing them which means you are less likely to end up on one of these phishing pages in the first place. In fact, even the FBI now recommends using an ad blocker.
At the same time, you also need to be very careful when downloading new software on both your smartphone and PC. You should always check to make sure you are on the company’s official website before clicking download. Scrolling down further when looking at the search results is a good way to make sure you land on the right site where hackers are impersonating GIMPAnd Notepad++ Other popular applications in the past and will likely continue to do so.
While you should definitely use antivirus software on your computer and one of the Best antivirus apps for Android On your Android smartphone, you may also want to consider upgrading to one The best internet security suites. Not only do these premium packages offer virus protection, but they often include a Password administratora VPN And a firewall to keep you better protected from all kinds of online threats.
Fake app downloads have been quite successful for hackers and other cybercriminals, which is why we’ll likely continue to see them use this tactic to infect unsuspecting users with malware in the future.
[ad_2]